As the ubiquity and importance of digitally stored data continues to rise, the importance of keeping that data secure rises accordingly. While companies and individuals seek to protect their data, other individuals, organizations, and corporations seek to exploit security holes in order to access that data and/or wreak havoc on the computer systems themselves. Generally the different types of software that seek to exploit security holes can be termed “malware,” and may be categorized into groups including viruses, worms, adware, spyware, and others. One type attack that may be carried out by malware is known as a “denial of service” attack. A denial of service attack may occur when one or more electronic devices attempt to make another, networked electronic device unavailable. This type of attack may be carried out by flooding the target electronic device with illegitimate network traffic, such as illegitimate requests for information, so that the target device is overwhelmed and can not respond to legitimate network traffic.
As networks expand, and more and more electronic devices are able to communicate with one another, denial of service attacks may take advantage of the increased availability of networked electronic devices. One such adaptation of a denial of service attack is a “distributed denial of service” (“DDOS”) attack. With a DDOS attack, a large number of electronic devices may work together to flood a target electronic device with illegitimate network traffic, as described above. DDOS attacks have increasingly become a threat to web services provided by internet service providers, large corporations, and governments around the world.
As these attacks continue to rise, it becomes increasingly important to be able to detect these attacks as quickly as possible, and to protect the vulnerable electronic devices as thoroughly as possible. In a DDOS, the large number of attacking electronic devices, and the correspondingly large amount of data, makes detection and protection correspondingly difficult.